Computers
Your computer has performed an illegal operation. Ever our trusty companions, our computers can sadly be turned against us in many ways. We trust our computers with all of our important information and sometimes our deepest secrets. This makes our computers and other devices prime targets for state actors and all the more important for us to protect. So what can you do? The first thing is to look closely at the hardware and software you're using on your computer. Hardware One particularly important thing to note about hardware is your disk drive(s). Conventional computers often use hard disk drives (HDDs) which operate through use of a laser needle reading and writing to a spinning disk inside a cased shell. HDDs have been in use for many years and the nature of the way they store data means that there is a high capability to recover data using forensic methods by police forces, national intelligence/security agencies and private computer security companies. Due to how most modern operating systems work by default, HDDs leave traces of erased data on the disk and waits for them to be overwritten. Such a process could take years of regular usage. However, one storage technology that has emerged over the past couple of decades is that of flash storage, now available to conventional computers in the form of Solid State Drives (SSDs). Flash storage works very differently to that of hard disk storage, not only does it allow for superior read/write speeds over HDDs, it also allows for more effective permanent wiping of data as SSDs leave less traces of erased data. It is still possible to completely overwrite HDDs securely, but it takes a lot longer. It is recommended to choose a SSD over a HDD for the disk drive of a computer that will house the operating system. Operating Systems There are three operating systems available that are worthy of note; Microsoft Windows, Apple's Mac OS and GNU/Linux. The vast majority of you will be running Windows on a PC, some of you will be running Mac OS on an Apple computer and very few of you will be using Linux or anything else. This article will go into details about what you can do to protect your privacy on each of these platforms. Windows Microsoft Windows, being plagued for years with suspicions about secret government backdoors and also being the prime target for most malware due to it's near-total domination of the market, is not the best operating system for privacy, however for many it is indispensable for work and other things. For those who can live without Windows, Linux is most certainly recommended as your operating system of choice due to its superior security and higher degree of control granted to the user. However, for those of you who cannot ditch Windows, here is how you can better protect your privacy. Note: This article assumes use of Windows 10 that is regularly kept up to date and is not linked to a Microsoft account. If your Windows 10 user account is linked to a Microsoft account, it is recommended to switch back to a local account. If you are using a version of Windows older than 10, please be aware of that version's End-of-Life (EoL) for security support. Windows XP and Vista are both deprecated as of 2014 and 2017, respectively. Windows 7 will stop receiving security updates in January 2020 and Windows 8.1 will stop receiving security updates in 2023. Using a version of Windows beyond it's EoL is highly discouraged. Privacy Settings There are many privacy settings in Windows 10 with default configurations that are not ideal for user privacy. It is important to note that, when setting up a new Windows 10 installation for the first time, not to use Express Settings but to instead manually configure them all for your privacy interests. Most technologically literate users could access the Privacy settings interface and use their common sense to go through all options and disable things appropriately. However, for those of you less in the know about what your computer knows about you, you can follow the below steps. Disable Ad-tracking # Go to Settings > Privacy > General # Disable all ad tracking Disable Location Tracking # Go to Settings > Privacy > Location # Under "Allow access to location on this device" click "Change" # Disable location access Disable Activity History # Go to Settings > Privacy > Activity History # Disable everything Disable Cortana This is a little more tricky as it is no longer possible to fully disable Cortana on Windows 10 Home but it is on Windows 10 Pro. However, Windows 10 Home users can still disable many of Cortana's information collection features. Home: # Go to Cortana Settings # Turn off all toggles # Go to the top of the settings panel and click "Change what Cortana knows about me in the cloud" # Scroll to the bottom of the web page and click "Clear" # Go to Settings > Privacy > Speech, inking & typing # Click "Stop getting to know me" Pro: # Perform all above steps for Windows 10 Home users # Go to Start and search for "Edit group policy" then open it # Go to Computer Configuration > Administrative Templates > Windows Components > Search # Find "Allow Cortana" and double-click to open it # Click "Disabled" and then "Ok" Review App Permissions # Go to Settings > Privacy > Location/Microphone/Camera/Contacts/Tasks/Radios/Email/Account info/File system # Review app permissions accordingly, only give permission to essential apps whose functionality depend on such permissions, otherwise revoke all permissions Disable Communication with Unpaired Devices # Go to Settings > Privacy > Other devices # Turn off "Communicate with unpaired devices" Control Diagnostic Data Collection # Go to Settings > Privacy > Diagnostics & feedback # Under "Diagnostic Data" choose the "Basic" setting (it is not possible to fully stop all diagnostic data being sent to Microsoft) # Turn off "Improve inking and typing" # Turn off "Tailored experiences" Control/Disable Background Apps # Go to Settings > Privacy > Background apps # Switch off or control on an app-by-app basis if this functionality is essential Control App Diagnostics # Go to Settings > Privacy > App diagnostics # Under "App Diagnostics", turn off "Let apps access diagnostic information" Hide Notifications on Lock Screen # Go to Settings > System > Notifications & actions # Turn off "Show notifications on the lock screen" Disable Delivery Optimisation # Go to Settings > Update & security > Windows Update > Advanced Options > Delivery Optimisation # Turn off "Allow downloads from other PCs" Malware and Firewall Protection Malware is one of the worst things about Windows and it's one of the reasons why you need to be very careful when using this operating system. For most technologically literate users, the built-in Windows Defender is entirely sufficient combined with good practices such as keeping definitions up to date, setting up routine scans, using an adblocker and knowing what kind of things not to click in web browsers and emails. However, some of you reading this may not be so savvy with the cyber world or maybe you want to help protect your grandma or uncle. For users more prone to making mistakes and compromising their own security by accident, Avast is generally considered a good free option. The reason for this being is that Windows Defender does not monitor for threats in real time using heuristics, whereas Avast does. Monitoring for threats in real time takes a large amount of system resources and the level of security is somewhat excessive for people who employ good practices on the internet. Regardless of whether you are an experienced or inexperienced computer user, you should supplement your anti-malware protection with Malwarebytes. The free version does not allow you to set up automatic scans on a schedule, however this anti-malware product is renowned for being the best at picking up all types of malware. It is recommended to perform a weekly/monthly manual scan with Malwarebytes according to user preference. As for firewall protection, Windows Firewall is entirely sufficient for any user. Cleaning Data Windows stores a lot of data as it goes through its many operations, some of that data is useless junk but some of it contains information about what you do. It is good practice to set up Windows to routinely clear old data from your system in order to reduce the footprint on your system left behind by your activities. There are multiple steps to take in order to give your Windows installation a routine thorough scrubbing. Windows Disk Cleanup # Open Command Prompt # Type command "cleanmgr.exe /sageset:1" and press enter # Click "Clean up system files" and provide Administrator authentication # Check every single box and press "Ok" # Run Task Scheduler and run the "Create Basic Task" wizard # Go through the wizard setting up the schedule that your task will run on # When you get to the Action section, select "Start a program" # In the "Program/Script" field type: "C:\Windows\system32\cleanmgr.exe" # In the "Arguments" field type: "sagerun:1" and click "Next" # Review the summary of your newly created task and click "Finish" Storage Sense Storage Sense is a new feature in Windows 10 that automatically seeks out junk files and deletes them for you across all of your drives. To use Storage Sense: # Go to Settings > System > Storage # Under "Storage sense" ensure that the toggle is switched to "On" and click "Configure Storage Sense or run it now" # Check the box for "Delete temporary files that my apps aren't using" # Configure settings for Recycle Bin, Downloads folder and OneDrive content according to user preference # Under "Free up space now", check the box for "Delete previous versions of Windows" # Click "Clean now" BleachBit BleachBit is a third party application available for Windows and Linux. It is recommended that you use this application along with the above two methods to ensure thorough cleaning of your system. The interface of the program is quite self-explanatory, you check all the options that you wish to clean, you can preview how much space you will free up and then you can execute the command. The program will warn you if you check any options that may interfere with your computer's normal operation as this program does contain one or two experimental features. Although not available in the graphical interface of the application, it is possible to set BleachBit on an automated schedule like Windows Disk Cleanup. To do so: # Follow steps 5-7 for Windows Disk Cleanup guide above # In the "Program/script" field type: "C:\Windows\Program Files\BleachBit\bleachbit_console.exe" # In the "Arguments" field type "--clean --preset" # Review the summary of your newly created task and click "Finish" MacOS MacOS users are often lulled into a false sense of security with common misconceptions that Macs "don't have viruses" and "can't get hacked". Whilst Apple devices and software do enjoy a high degree of built-in security, nothing is impenetrable or infallible, certainly not Macs. Privacy Settings Whilst Apple is often somewhat conscious about collection and usage of user data, there are still privacy settings that users need to be aware of and configure appropriately. Disable Handoff Handoff is a feature whereby certain user information is transmitted between Apple devices connected to the same iCloud account, the idea being you can pick up where you left off from one device to the other, however there are obvious privacy implications here that would lead users to disable the feature. # Go to System Preferences > General # Set "Recent items" to "None" # Check the box for "Allow Handoff between this Mac and your iCloud devices" Unlocking Settings # Go to System Preferences > Security & Privacy > General # Ensure your user account is locked with a password # Require password "immediately" after sleep or screen saver begins # Uncheck box for "Allow your Apple Watch to unlock your Mac" Firewall # Go to System Preferences > Security & Privacy > Firewall # Click "Turn On Firewall" if it is not already turned on # Click "Firewall Options" # Check the box for "Enable stealth mode" App Permissions # Go to System Preferences > Security & Privacy > Privacy # Review access to Location Services, Contacts, Calendars, Reminders, Photos, Camera, Microphone, Accessibility controls, Full Disk Access and Automation # Disable all access entirely where possible Advertising and Analytics # Go to System Preferences > Security & Privacy > Privacy # Go to Analytics and uncheck all three boxes # Go to Advertising, check the box for "Limit Ad Tracking" and click "Reset Advertising Identifier" Spotlight Spotlight is the search application used in MacOS to quickly find all kinds of content on your computer locally or on the web. Disabling Spotlight will prevent it from indexing the contents of your computer. If you rely on Spotlight to find anything on your computer, you need to organise your files better! To disable Spotlight, follow the steps below: # Go to System Preferences > Spotlight # Under the "Search Results" tab, uncheck every single box # If you absolutely insist on using Spotlight then ensure to add folders containing sensitive information to the exclusion list under the "Privacy" tab in order to prevent those folders and files within from being indexed # Uncheck the box at the bottom for "Allow Spotlight suggestions in Look up" iCloud & Internet Accounts iCloud is Apple's online service used to tie in your Apple ID and their own cloud storage service. iCloud allows for many different functions that are not ideal for user privacy, most notably the backing up of user data which is something that all Apple users should be aware of. Ideally, you should not be using iCloud with your Apple device and should disable it by going to System Preferences > iCloud > Sign Out. If iCloud is absolutely necessary to you, consider reviewing carefully what data it backs up and tell it to back up only what is necessary, if anything at all. When you back up data to iCloud, it is then stored in Apple's servers where it can be accessed by law enforcement requests. You should also review other accounts connected to your MacOS installation and disable those as much as you can by going to System Preferences > Internet Accounts and revoking access from there. Remote Access By default, MacOS comes built in with a bunch of different options to access your computer remotely which are switched on. Allowing any form of remote access to your computer leaves a big potential vulnerability that you should patch up as tightly as possible. It is recommend to disable all sharing by going to System Preferences > Sharing and unticking every single option on the left column. Leaving these options turned on creates the risk that someone can bypass your computer's security and access your computer from over the internet without being physically present at your computer. Siri Arguably one of Apple's least useful features on any of its devices. Siri is required to constantly listen for voice input from the user's microphone in order to hear it's command to wake up. Siri also has access to a lot of your apps and files, so it's a pretty obvious privacy concern and not something even worth sacrificing privacy for. To disable Siri: # Go to System Preferences > Siri # Untick "Enable Ask Siri" # Click "Siri Suggestions & Privacy" # Revoke all of Siri's access to your apps and files by unticking all boxes Linux Encryption Windows MacOS Linux Web browsers Firefox Chromium Safari Category:Guides